Overview

File _patchinfo of Package patchinfo.12322

<patchinfo incident="12322">
  <issue tracker="bnc" id="1124593">VUL-0:  CVE-2019-7164, CVE-2019-7548: python-SQLAlchemy: SQL Injection when the group_by parameter can be controlled.</issue>
  <issue tracker="cve" id="2019-7548"/>
  <issue tracker="cve" id="2019-7164"/>
  <category>security</category>
  <rating>important</rating>
  <packager>rhafer</packager>
  <description>This update for python-SQLAlchemy fixes the following issues:

Security issues fixed:

- CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593).
- CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593).
</description>
  <summary>Security update for python-SQLAlchemy</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places